Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/MTNnDZV-MlP6WG1y-4o4qp8lsyg.roa
File:                     MTNnDZV-MlP6WG1y-4o4qp8lsyg.roa (raw, json)
Hash identifier:          Lun25VNzyFV5WQ1nZMML4E/6Wps0qhgXpxfi4lOoZ50=
Subject key identifier:   31:33:67:0D:95:7E:32:53:FA:58:6D:72:FB:8A:38:AA:9F:25:B3:28
Certificate issuer:       /CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
Certificate serial:       018FD587570065D27471B1E560CE0905BAED
Authority key identifier: 1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/MTNnDZV-MlP6WG1y-4o4qp8lsyg.roa
Signing time:             Sat 01 Jun 2024 20:39:27 +0000
ROA not before:           Sat 01 Jun 2024 20:39:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206728
IP address blocks:        77.221.146.0/24 maxlen: 24
                          109.120.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 02:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d5:87:57:00:65:d2:74:71:b1:e5:60:ce:09:05:ba:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b2c219f3c297b775880c3b651a2003f9be6de5e
        Validity
            Not Before: Jun  1 20:39:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3133670d957e3253fa586d72fb8a38aa9f25b328
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:86:c9:66:b2:36:60:75:6a:ec:82:ce:32:07:
                    0d:58:80:79:04:05:31:51:2f:7c:d2:4e:fe:8a:dc:
                    e4:b1:d9:ed:76:7f:ef:54:0f:c5:61:79:bb:55:d7:
                    07:69:8d:e6:67:87:b1:28:f3:fd:45:f6:5d:1a:2b:
                    c1:05:03:23:ff:4c:d6:2b:f1:fd:e7:66:b2:5b:a5:
                    95:cd:06:a4:50:2c:6a:d8:8a:37:df:d3:54:f8:e9:
                    1b:99:55:4a:19:c1:96:21:bf:0f:18:80:a2:00:be:
                    69:c2:1a:e7:7b:6d:97:09:8f:ae:fb:15:4e:16:36:
                    34:c5:07:4b:28:94:5a:85:1f:93:1a:7a:e5:d9:9e:
                    7c:26:c7:d1:1f:40:75:f1:a9:36:c2:01:1b:eb:96:
                    a2:76:ec:be:e8:0b:91:7e:17:57:0e:69:d1:00:38:
                    11:b3:d2:83:45:32:ae:c8:25:bb:1c:b1:02:0b:f6:
                    86:e7:b7:9c:7e:d6:f0:fa:94:a8:86:2f:6c:85:5e:
                    c1:07:73:f9:a2:c8:ea:35:79:12:d5:e7:65:d2:ff:
                    9e:45:e9:a9:3e:23:61:57:a2:47:6e:6a:54:6b:fb:
                    15:58:65:5d:0f:11:64:e6:bf:ab:aa:22:07:68:cc:
                    3e:8b:0d:76:9e:14:a3:09:86:b5:98:ff:c2:e6:87:
                    c7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:33:67:0D:95:7E:32:53:FA:58:6D:72:FB:8A:38:AA:9F:25:B3:28
            X509v3 Authority Key Identifier:
                keyid:1B:2C:21:9F:3C:29:7B:77:58:80:C3:B6:51:A2:00:3F:9B:E6:DE:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gywhnzwpe3dYgMO2UaIAP5vm3l4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/MTNnDZV-MlP6WG1y-4o4qp8lsyg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/b11a40-48e9-4e06-bf11-92c81f22e712/1/Gywhnzwpe3dYgMO2UaIAP5vm3l4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.221.146.0/24
                  109.120.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:31:56:bd:9f:25:0d:0e:75:24:8d:d4:c2:f4:84:5c:d3:9f:
         a4:80:92:9c:47:d1:ab:56:7b:8d:bf:0f:33:97:df:3e:fa:7f:
         14:73:f2:dc:a9:2d:24:4b:07:6c:d5:ae:d7:4c:7e:c5:f1:b5:
         ba:fc:e1:de:6c:9e:1b:1c:7c:a5:cb:0a:25:fe:21:16:92:de:
         ce:88:c3:a4:89:14:e2:98:5c:da:d2:2e:64:56:73:a1:2f:a7:
         56:ee:03:45:c3:db:26:62:34:41:68:bb:8c:c8:65:7b:fa:09:
         a4:96:3d:4d:0d:4e:fb:47:29:30:d3:93:8f:e3:a6:c9:e7:ef:
         77:cd:93:b2:ae:5b:1c:88:2c:3d:15:54:f8:63:5b:1a:3d:ef:
         ed:c9:1d:01:36:56:5f:f7:f1:72:af:99:40:3b:82:a6:e6:54:
         1c:86:e9:b5:48:bb:ff:a4:23:2f:bb:a1:a0:85:5c:34:66:3e:
         6c:cd:55:50:2e:d5:aa:59:1b:0f:f9:0a:88:79:8e:9a:1a:d7:
         0c:2a:89:78:e0:e9:8f:3b:2c:d2:85:0d:93:f2:05:40:b0:94:
         9c:3f:ed:47:3f:1f:85:08:5b:22:66:00:bd:8e:f5:50:ae:ab:
         2a:2d:61:01:ce:3e:62:45:0d:12:07:ca:e8:f2:b5:71:7f:19:
         e5:3d:d2:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/Vh1cAZdJ0cbHlYM4JBbrtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMmMyMTlmM2MyOTdiNzc1ODgwYzNiNjUxYTIwMDNmOWJl
NmRlNWUwHhcNMjQwNjAxMjAzOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMTMzNjcwZDk1N2UzMjUzZmE1ODZkNzJmYjhhMzhhYTlmMjViMzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYbJZrI2YHVq7ILOMgcNWIB5BAUx
US980k7+itzksdntdn/vVA/FYXm7VdcHaY3mZ4exKPP9RfZdGivBBQMj/0zWK/H9
52ayW6WVzQakUCxq2Io339NU+OkbmVVKGcGWIb8PGICiAL5pwhrne22XCY+u+xVO
FjY0xQdLKJRahR+TGnrl2Z58JsfRH0B18ak2wgEb65aiduy+6AuRfhdXDmnRADgR
s9KDRTKuyCW7HLECC/aG57ecftbw+pSohi9shV7BB3P5osjqNXkS1edl0v+eRemp
PiNhV6JHbmpUa/sVWGVdDxFk5r+rqiIHaMw+iw12nhSjCYa1mP/C5ofHTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDEzZw2VfjJT+lhtcvuKOKqfJbMoMB8GA1UdIwQY
MBaAFBssIZ88KXt3WIDDtlGiAD+b5t5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEt
OTJjODFmMjJlNzEyLzEvTVRObkRaVi1NbFA2V0cxeS00bzRxcDhsc3lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iMTFhNDAtNDhlOS00ZTA2LWJmMTEtOTJjODFmMjJlNzEy
LzEvR3l3aG56d3BlM2RZZ01PMlVhSUFQNXZtM2w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATd2SAwQA
bXiIMA0GCSqGSIb3DQEBCwUAA4IBAQCvMVa9nyUNDnUkjdTC9IRc05+kgJKcR9Gr
VnuNvw8zl98++n8Uc/LcqS0kSwds1a7XTH7F8bW6/OHebJ4bHHylywol/iEWkt7O
iMOkiRTimFza0i5kVnOhL6dW7gNFw9smYjRBaLuMyGV7+gmklj1NDU77Rykw05OP
46bJ5+93zZOyrlsciCw9FVT4Y1saPe/tyR0BNlZf9/Fyr5lAO4Km5lQchum1SLv/
pCMvu6GghVw0Zj5szVVQLtWqWRsP+QqIeY6aGtcMKol44OmPOyzShQ2T8gVAsJSc
P+1HPx+FCFsiZgC9jvVQrqsqLWEBzj5iRQ0SB8ro8rVxfxnlPdId
-----END CERTIFICATE-----